Program Overview

The FIRST Technical Colloquium (TC) event is restricted to FIRST members only and will be held on March 25-28, 2008.

Nevertheless, since this will be a joint event with other CSIRT initiatives in the region, there will be an additional event adjacent to the TC in order to reach non-FIRST members as well: the Security Workshop.

Network Forensics with netflow tools

Werner Schram

This is a lab on the benefits of netflow data. Open source tools (such as flowd and nfdump/nfsen) as well as tools and extensions developed within SURFcert will be shown, combined with some real-world examples. The main goal is to gain enough experience to set up a netflow environment best suited to your own network.
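To make concrete what "netflow data" means before the lab, here is an added example (not code from the workshop, SURFcert or the nfdump project) that decodes a NetFlow v5 export datagram with the standard library and runs two of the analyses a collector like nfdump would give you: bytes per source and a simple SYN-scan heuristic. The record layout is the published v5 format; the sample datagram is constructed inline (not real traffic), and the thresholds in `syn_scan_suspects` are illustrative assumptions.

```python
import struct
from collections import Counter, defaultdict
from ipaddress import IPv4Address

# NetFlow v5 wire layout, network byte order: a 24-byte header followed by
# up to 30 fixed-size 48-byte flow records.
HEADER_FMT = "!HHIIIIBBH"  # version, count, sys_uptime, unix_secs, unix_nsecs,
                           # flow_sequence, engine_type, engine_id, sampling_interval
RECORD_FMT = "!IIIHHIIIIHHBBBBHHBBH"  # srcaddr, dstaddr, nexthop, input, output,
                                      # dPkts, dOctets, first, last, srcport, dstport,
                                      # pad1, tcp_flags, prot, tos, src_as, dst_as,
                                      # src_mask, dst_mask, pad2
HEADER_LEN = struct.calcsize(HEADER_FMT)  # 24
RECORD_LEN = struct.calcsize(RECORD_FMT)  # 48
MAX_RECORDS = 30                          # v5 exporters send at most 30 records per datagram
TCP_SYN = 0x02
PROTO_TCP, PROTO_UDP = 6, 17


def parse_netflow_v5(datagram: bytes) -> list:
    """Decode one NetFlow v5 datagram into flow dicts.

    Truncated or malformed input raises ValueError instead of being read as
    garbage: a collector that trusts the header's record count can be fed a
    short datagram and decode stale buffer contents as flows.
    """
    if len(datagram) < HEADER_LEN:
        raise ValueError("datagram shorter than v5 header")
    version, count, _up, _secs, _nsecs, seq, _et, _eid, _samp = struct.unpack(
        HEADER_FMT, datagram[:HEADER_LEN])
    if version != 5:
        raise ValueError(f"not a NetFlow v5 datagram (version={version})")
    if count > MAX_RECORDS:
        raise ValueError(f"record count {count} exceeds the v5 maximum")
    if len(datagram) < HEADER_LEN + count * RECORD_LEN:
        raise ValueError("datagram truncated: header promises more records than present")
    flows = []
    for i in range(count):
        off = HEADER_LEN + i * RECORD_LEN
        r = struct.unpack(RECORD_FMT, datagram[off:off + RECORD_LEN])
        flows.append({
            "src": str(IPv4Address(r[0])), "dst": str(IPv4Address(r[1])),
            "packets": r[5], "bytes": r[6],
            "sport": r[9], "dport": r[10],
            "tcp_flags": r[12], "proto": r[13],
            "export_seq": seq,  # gaps in this sequence mean the collector dropped datagrams
        })
    return flows


def build_v5_datagram(records, seq=0) -> bytes:
    """Pack (src, dst, proto, sport, dport, packets, bytes, tcp_flags) tuples into
    a v5 datagram. Only used here to construct sample input; a real exporter
    fills in uptime, timestamps, interfaces and AS numbers."""
    header = struct.pack(HEADER_FMT, 5, len(records), 0, 0, 0, seq, 0, 0, 0)
    body = b"".join(
        struct.pack(RECORD_FMT, int(IPv4Address(src)), int(IPv4Address(dst)), 0, 1, 2,
                    pkts, octets, 0, 0, sport, dport, 0, flags, proto, 0, 0, 0, 24, 24, 0)
        for src, dst, proto, sport, dport, pkts, octets, flags in records)
    return header + body


def top_talkers(flows, n=3):
    """Bytes sent per source address, largest first."""
    totals = Counter()
    for f in flows:
        totals[f["src"]] += f["bytes"]
    return totals.most_common(n)


def syn_scan_suspects(flows, min_ports=4):
    """Sources whose SYN-only TCP flows (the cumulative flag byte never gained an
    ACK) touch at least min_ports distinct destination ports. Thresholds are
    illustrative; tune them to your own network."""
    targets = defaultdict(set)
    for f in flows:
        if f["proto"] == PROTO_TCP and f["tcp_flags"] == TCP_SYN and f["packets"] <= 2:
            targets[f["src"]].add((f["dst"], f["dport"]))
    return sorted(src for src, t in targets.items() if len(t) >= min_ports)


# Constructed sample traffic (not captured data): a completed HTTP session,
# a DNS lookup, and one host probing four ports with single-SYN flows.
SAMPLE_RECORDS = [
    ("10.0.0.5", "192.0.2.10", PROTO_TCP, 51000, 80, 12, 1200, 0x1B),  # SYN|ACK|PSH|FIN
    ("10.0.0.7", "198.51.100.4", PROTO_UDP, 40001, 53, 2, 300, 0),
    ("10.0.0.9", "192.0.2.10", PROTO_TCP, 60001, 22, 1, 40, TCP_SYN),
    ("10.0.0.9", "192.0.2.10", PROTO_TCP, 60002, 23, 1, 40, TCP_SYN),
    ("10.0.0.9", "192.0.2.10", PROTO_TCP, 60003, 25, 1, 40, TCP_SYN),
    ("10.0.0.9", "192.0.2.10", PROTO_TCP, 60004, 443, 1, 40, TCP_SYN),
]
SAMPLE_DATAGRAM = build_v5_datagram(SAMPLE_RECORDS, seq=1000)

if __name__ == "__main__":
    flows = parse_netflow_v5(SAMPLE_DATAGRAM)
    print(f"{len(flows)} flows decoded from {len(SAMPLE_DATAGRAM)} bytes")
    for src, octets in top_talkers(flows):
        print(f"{src:<16} {octets:>6} bytes")
    print("SYN-scan suspects:", syn_scan_suspects(flows))
```

The point of the length checks is not pedantry: exporters send v5 over UDP with no authentication, so a collector must treat every datagram as untrusted input, and the `flow_sequence` field is the only way to notice that records were lost between exporter and collector.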

Format

To participate, students are advised to install VMware (www.vmware.com). Images will be provided during class.

Network Security Analysis: In-depth analysis with Sguil

The main focus of this hands-on session is analysis: when presented with raw network traffic, an analyst should be able to read, decode, interpret and understand in detail the nature of the attacks. Relevant tools help the analyst see the 'bigger' picture, especially when events from multiple sources can be correlated. Sguil is a framework built from a collection of tools including Tcpdump, Snort IDS, Tcpflow, Sancp and Barnyard. Its main idea is to let an analyst conduct fast and detailed analysis of network traffic within a short period of time. Correlations between events can be investigated and analyzed more thoroughly and faster than with traditional approaches, and whether an attack seen in the traffic actually succeeded can be confirmed as well. Speed in analyzing and detecting attacks in network traffic is critical, and using Sguil as the analysis framework helps analysts conduct faster and more detailed analysis.

Format

To participate, students are advised to install VMware (www.vmware.com). Images will be provided during class.

Web Server Security workshop

Damien Curtain, Richard Billington

This full-day hands-on course will cover technical aspects of protection strategies for UNIX-based servers running the Apache web server, MySQL database and PHP application services. While focusing on generic UNIX/Linux operating system protection strategies, the course will use FreeBSD for the practical exercises.

The course will identify common attack types, misconfigurations and architectural issues associated with maintaining a web-based application infrastructure.

Format

To participate, students are advised to install VMware (www.vmware.com). Images will be provided during class.